<?php
class xl_users{
    function read_name($name){
        global $dbh;
        $sql='SELECT user_name FROM users WHERE user_name=:name LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':name'=>$name));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function read_email($email){
        global $dbh;
        $sql='SELECT * FROM users WHERE email=:email LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function read_account($account){
        global $dbh;
        $sql='SELECT account FROM users WHERE account=:account LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':account'=>$account));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function insert_user($data){
        global $dbh;
        $sql='INSERT INTO users (account,password,password_confirmed,user_name,birthday,gender,address,identity_card,email,phone,news_admin,news_member,image,code_active,active,ip,day_time) 
                VALUE (:account,:password,:password_confirmed,:name,:birth_day,:gender,:address,:identity_card,:email,:phone,:news_admin,:news_member,:image,:code_active,:active,:ip,:day_time)';
        $sth=$dbh->prepare($sql);
        $sth->execute($data);
        return $sth;
    }
    function login_user($email,$pass){
        global $dbh,$password,$check_email;
        $pass=md5($email.md5($pass));
        if($password == $check_email['password']){
            $sql='SELECT * FROM users WHERE email=:email AND password=:pass LIMIT 0,1';
        }
        if($password == $check_email['password_confirmed']){
            $sql='SELECT * FROM users WHERE email=:email AND password_confirmed=:pass LIMIT 0,1';
        }
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email,':pass'=>$pass));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function info_account($id){
        global $dbh;
        $sql='SELECT * FROM users WHERE id=:id LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function check_user($email){
        global $dbh;
        $sql='SELECT * FROM users WHERE email=:email LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function check_active($active){
        global $dbh;
        $sql='SELECT code_active FROM users WHERE code_active=:acitve LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':acitve'=>$active));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function active($code_active){
        global $dbh;
        $sql='UPDATE users SET active=1 WHERE code_active=:code_active';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':code_active'=>$code_active));
        return $sth;
    }
    function check_active_order($active_order){
        global $dbh;
        $sql='SELECT code_active FROM orders WHERE code_active=:active_order LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':active_order'=>$active_order));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function active_order($code_active){
        global $dbh;
        $sql='UPDATE orders SET checkout=1 WHERE code_active=:code_active';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':code_active'=>$code_active));
        return $sth;
    }
    function reset_pass($password_confirmed,$code_active,$email){
        global $dbh;
        $password_confirmed=md5($email.md5($password_confirmed));
        $sql='UPDATE users SET password_confirmed=:password_confirmed,active=0,code_active=:code_active WHERE email=:email LIMIT 1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':password_confirmed'=>$password_confirmed,':email'=>$email,':code_active'=>$code_active));
        return $sth;
    }
    function check_password($pass){
        global $dbh,$_SESSION;
        $pass=md5($_SESSION['login_user']['email'].md5($pass));
        $sql='SELECT password,password_confirmed FROM users WHERE password=:pass OR password_confirmed=:pass LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':pass'=>$pass));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function update_password($password,$email){
        global $dbh,$_SESSION;
        $password=md5($_SESSION['login_user']['email'].md5($password));
        $sql='UPDATE users SET password=:password,password_confirmed=:password WHERE email=:email LIMIT 1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':password'=>$password,':email'=>$email));
        return $sth;
    }
    function check_id($id,$email){
        global $dbh;
        $sql='SELECT id,email FROM users WHERE id!=:id AND email=:email';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id,':email'=>$email));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function update_editing($data){
        global $dbh;
        $sql='UPDATE users SET password=:password,password_confirmed=:password,user_name=:name,birthday=:birth_day,gender=:gender,address=:address,identity_card=:identity_card,email=:email,phone=:phone,day_time=:day_time WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute($data);
        return $sth;
    }
    function insert_wishlist($wishlist,$email){
        global $dbh;
        $sql='UPDATE users SET wishlist=:wishlist WHERE email=:email LIMIT 1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':wishlist'=>$wishlist,':email'=>$email));
        return $sth;
    }
    function read_wishlist($id){
        global $dbh;
        $sql='SELECT wishlist FROM users WHERE id=:id LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function read_product($id){
        global $dbh;
        $sql='SELECT * FROM product WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
}